
What Are Extended Attributes (xattr)?

Extended attributes are name-value pairs associated with files and directories in a filesystem, beyond standard metadata (like size, timestamps, and permissions). These attributes store additional information that the standard file system metadata does not cover.

They allow applications and the system to attach arbitrary metadata to a file without altering the file’s content.

Why Use Extended Attributes?

  • Security labels (e.g., SELinux, AppArmor)
  • Access control lists (ACLs)
  • User-defined tags or comments
  • Backup and restore metadata
  • Filesystem-specific flags
  • Digital rights management or file integrity hashes

Key Concepts and Characteristics

  1. Namespace-based: Extended attributes are grouped into namespaces, each with a different scope and purpose.
  2. Filesystem support: Not all filesystems support xattrs. Filesystems that do include ext3, ext4, XFS, and Btrfs.
  3. Non-intrusive: They do not affect the content or readability of the file by applications that do not recognize them.
  4. Invisible to standard commands: They are not visible through standard file operations (like ls or stat), unless specifically queried using special tools.

Types / Namespaces of Extended Attributes

User Namespace (user.)
  • Used for storing arbitrary user-defined metadata.
  • Accessible and modifiable by regular users.
  • Common for storing tags, notes, or user-level flags.

Example: user.comment, user.author

Security Namespace (security.)
  • Reserved for security frameworks such as SELinux or AppArmor.
  • Usually only accessible or modifiable by the kernel or root.
  • Stores security contexts and enforcement rules.

Example: security.selinux

System Namespace (system.)
  • Used internally by the kernel and system-level utilities.
  • Not user-accessible.
  • Stores system-managed metadata (e.g., file indexing, journaling info).

Example: system.posix_acl_access

Trusted Namespace (trusted.)
  • Can only be set and read by privileged (root) users.
  • Often used by system services for integrity, backup status, or access control.

Example: trusted.backup_hash

Raw / Other Namespaces
  • Depending on the filesystem or kernel extensions, other custom namespaces may be implemented (e.g., security.capability, trusted.glusterfs).
  • Sometimes used in clustered or distributed filesystems.
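
The namespaces above can be seen on a real file by querying its attributes through the xattr API. The following is an added example, not part of the original page: it uses Python's os.listxattr and os.getxattr (Linux only), and the function names and the script name are assumptions chosen for illustration.

```python
import errno
import os
import sys

# The four namespaces this page describes; any other prefix is reported as "other".
NAMESPACES = ("user", "security", "system", "trusted")


def namespace_of(name):
    """Return the namespace of an attribute name such as 'user.comment'."""
    prefix, dot, rest = name.partition(".")
    return prefix if dot and rest and prefix in NAMESPACES else "other"


def group_by_namespace(attrs):
    """Turn {name: value} into {namespace: {name: value}}."""
    grouped = {}
    for name, value in attrs.items():
        grouped.setdefault(namespace_of(name), {})[name] = value
    return grouped


def read_xattrs(path):
    """Return {name: value} for path, or None if the filesystem has no xattr support."""
    try:
        names = os.listxattr(path, follow_symlinks=False)
    except OSError as exc:
        if exc.errno == errno.ENOTSUP:
            return None
        raise
    attrs = {}
    for name in names:
        try:
            attrs[name] = os.getxattr(path, name, follow_symlinks=False)
        except OSError:
            attrs[name] = None  # listed, but this process may not read the value
    return attrs


if __name__ == "__main__":
    # Usage: python3 xattr_report.py FILE...   (script name is hypothetical)
    for path in sys.argv[1:]:
        attrs = read_xattrs(path)
        if attrs is None:
            print(f"{path}: filesystem does not support extended attributes")
            continue
        for ns, items in sorted(group_by_namespace(attrs).items()):
            for name, value in sorted(items.items()):
                print(f"{path}\t{ns}\t{name}={value!r}")
```

Run as a regular user, the report will not show trusted. attributes, which matches the restriction described for that namespace.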

Key Notes Summary

| Concept | Description |
| --- | --- |
| Extended attributes | Name-value pairs stored with files, offering metadata beyond standard info |
| Invisible to ls/stat | Must be accessed via specialized tools or APIs |
| Filesystem support | Only available on modern filesystems like ext4, XFS, Btrfs |
| Namespaces | Scoping mechanism to organize attributes |
| user. | User-defined metadata |
| security. | Used by SELinux, AppArmor for labeling |
| system. | Reserved for kernel use |
| trusted. | Restricted to privileged users (e.g., root) |